-
138 votes
-
It’s official: Cars are the worst product category we have ever reviewed for privacy
130 votes -
The voting on topics and comments now ends when they're 30 days old and all individual vote records are deleted, retaining only the count
This is a privacy-related update that I've always intended to implement on Tildes, and I finally spent some time on it this week. Keeping eternal records of everything that every user ever voted...
This is a privacy-related update that I've always intended to implement on Tildes, and I finally spent some time on it this week.
Keeping eternal records of everything that every user ever voted on is some of the most sensitive data that sites with a voting system have. Your voting history says a huge amount about you, your interests and opinions, and can even serve as a decent proxy for showing what times you were active on the site, what posts you were reading, and how long you spent reading the comments on each of them. In exchange for these major privacy implications, you get the tiny benefit of being able to tell which old posts you voted on (if you even go back to old posts).
So now, to match up with Tildes's general approach of deleting as much sensitive data as possible after 30 days, the voting on posts closes when they're 30 days old. After a post's voting is closed, the records of which individual users voted on that post are deleted, but the count of how many votes there were is kept. So old posts will continue showing their same "scores" exactly the same as before, but there will be no record of which individual users cast those votes.
However, this isn't a purely positive update: the main downside is that the voting does need to be closed (otherwise there would be no way to prevent people from voting again after their first vote is deleted), which prevents the occasionally useful ability to vote on old topics or comments. Overall though, voting on older posts is extremely rare, with less than 1% of the votes on Tildes ever made on something that was over 30 days old at the time of voting.
When the "delete old sensitive data" job runs for the first time after this update later today, 97% of the voting data in the database will be deleted. That's a massive decrease in the amount of sensitive data the site is retaining, and something that most sites would never consider doing, because of the value of that data for behavior analysis and ad-targeting.
121 votes -
Time to delete your Glassdoor account and data
102 votes -
Reddit is removing ability to opt out of ad personalization based on your activity on the platform
93 votes -
Man unable to interact with any of his smart devices for a week after delivery driver accuses him of being racist
89 votes -
AI is ruining the Internet
88 votes -
I'm planning to enable the "mark new comments" feature for everyone - any major concerns?
Something that's come up in discussions a few times recently is how important it is to have good default settings. Even users who are quite technical and involved don't always explore which...
Something that's come up in discussions a few times recently is how important it is to have good default settings. Even users who are quite technical and involved don't always explore which settings are available, and that's totally fine—they shouldn't need to. The default setup should be as good as possible, with changing settings mostly for specialized cases.
One particular place on Tildes where this isn't currently being done well is for the "mark new comments" feature, which has always been disabled by default. I think it's one of the best features on the site and makes it much easier to follow ongoing discussions here than on other sites with similar comment systems, but overall, not many users have enabled it.
For example, Tildes got some attention on Hacker News again yesterday, and about 80 new users have registered so far from that. Only 9 of them enabled "mark new comments", even though the welcome message strongly encourages it. Looking at longer periods of time, this seems typical: only about 10% of users ever enable it.
As it says on the settings page for the feature, my reason for disabling it by default was out of privacy concerns. However, I've been doing some review of the data that Tildes stores lately and realized that this was kind of misleading and inaccurate. Because I have HTTP request server logs and some other related data (which is all only kept for 30 days), I effectively have topic visit records from the last 30 days for all users anyway, whether they have the feature enabled or not. The data is more convenient to access for users with the feature enabled, but it's available either way.
Because of that, and because the data will be very useful to combine with some of the upcoming changes I mentioned in the last ~tildes.official post, I'm planning to enable this feature for everyone. Here are the general plans:
- Data about which topics' comments pages a user visits will be stored (for 30 days), along with when and how many comments were there at the time. This enables displaying which topics have new comments since your last visit, and marking those new comments.
- There will no longer be a setting to disable this, but you can still choose whether previously-seen comments are collapsed when you return - the same as the existing checkbox on that page for "Collapse old comments when I return to a topic".
- I will probably implement some sort of "stop informing me of new comments in this topic" feature (separate from the new Ignore one) to stop having the info about new comments in a topic showing up for you.
Please let me know if you have any thoughts or concerns about this. If nothing major comes up, I intend to make this change later this week.
82 votes -
France passes bill to allow police to remotely activate phone camera, microphone, and GPS, in order to spy on people
79 votes -
YouTube anti-adblock detection is illegal in the EU
77 votes -
Privacy is priceless, but Signal is expensive
74 votes -
Philips Hue will force users to upload their data to Hue cloud
72 votes -
Where is everyone hosting their email these days?
This is more focused towards those that use custom domains for their email. My current plan is up at Zoho for my team in a month, and even though I've used them for the past few years its been...
This is more focused towards those that use custom domains for their email. My current plan is up at Zoho for my team in a month, and even though I've used them for the past few years its been hit-or-miss (especially when using third-party apps or programs).
Who do you use? Who do you not trust? Who would you never go back to?
Sidenote: I hope this might eventually kick off a ~privacy group, one day.
72 votes -
Apple threatens to pull FaceTime and iMessage in the UK over proposed surveillance law changes
71 votes -
By summer 2019, the Firefox browser will also block, by default, all cross-site third-party trackers
@jensimmons: By summer 2019, the Firefox browser will also block, by default, all cross-site third-party trackers, strengthening privacy without your having to do a thing." https://t.co/cqpQbSe9Ko
69 votes -
Are phones really listening to us at all times?
Had an interesting conversation with my colleagues this morning. We were pretty split whether phones listen to us for advertising or not. On one hand, we anecdotally see Google news and ad...
Had an interesting conversation with my colleagues this morning. We were pretty split whether phones listen to us for advertising or not.
On one hand, we anecdotally see Google news and ad suggestions based on what we say. We know our mics are on at all times for voice assistant and music detection. But we also read online talking about how there is no evidence about the phones recording us. It's hard to trust anything nowadays.
67 votes -
Reddit announces online presence indicators
67 votes -
Why I don't like ads
65 votes -
Court rules automakers can record and intercept owner text messages (potentially misleading, see comments)
64 votes -
Discord to start showing ads for gamers to boost revenue
62 votes -
YouTube orders ‘Invidious’ privacy software to shut down in seven days
62 votes -
ProtonMail on all the data that Outlook collects about your email
61 votes -
Signal messenger releases 'usernames' so you no longer need to tell someone your phone number in order for them to message you
59 votes -
Threads is the perfect Twitter alternative, just not for you
59 votes -
Automakers are sharing consumers’ driving behavior with insurance companies (gifted link)
58 votes -
$5 billion Google lawsuit over ‘Incognito mode’ tracking moves a step closer to trial
58 votes -
How GM tricked millions of drivers into being spied on (including me) (gifted link)
56 votes -
GM sued for sale of OnStar driving data
54 votes -
Simple Mobile Tools bought by ZipoApps (company offering apps with ads and tracking)
53 votes -
Mozilla’s Annual Consumer Creep-O-Meter
52 votes -
Meta has long fought Europe's demands that it get people's consent before using their data for targeted ads – then a Norwegian regulator threatened daily fines
51 votes -
Google seems to be running OCR on photos in my Gmail. Is this happening to you too?
This morning I was asked to find an archived email with photos of some scientific equipment. I searched "Powerlab," the name of one of the instruments, in gmail, and the email came right up....
This morning I was asked to find an archived email with photos of some scientific equipment. I searched "Powerlab," the name of one of the instruments, in gmail, and the email came right up. Great! But then I noticed that the word "powerlab" never appeared in the text of the email. I tried searching "ML206", an arbitrary character string from one of the photos in the email, and again, the email appeared in the search, without the search phrase highlighted in the search result, as it normally would be. I tried different phrases from jpgs in emails; not all yielded search results but some did.
I'm not happy about this. I accept some compromises to privacy when using Gmail, but sending text as an image can be a way of specifically avoiding information being harvested. All I ask for is a way to turn it off.
Can anyone replicate this? Did anyone already know about this?
51 votes -
My new apartment’s most aggravating feature (latch smart locks)
50 votes -
Age verification is incompatible with the internet
50 votes -
Chrome's new forced login policy is a violation of user privacy and trust
50 votes -
Firefox’s fight for the future of the web: With Google’s Chrome dominating the market, not-for-profit rival Mozilla is staking a comeback on its dedication to privacy
49 votes -
No Instagram Threads app in the EU: Ireland's Data Protection Commission says Meta's new Twitter rival won't be launched there
48 votes -
Scott Alexander has deleted his Slate Star Codex blog due to the New York Times planning to reveal his real name in an article
48 votes -
What a bunch of A-list celebs taught me about how to use my phone
47 votes -
No more phone number swaps: Signal messaging app now testing usernames
46 votes -
What steps do you take to secure your online use and privacy?
I do the following: Use a VPN (NordVPN) Use Firefox with a tweaked about:config and the following security extensions: uBlock Origin NoScript HTTPS Everywhere Privacy Badger Decentraleyes Cookie...
I do the following:
- Use a VPN (NordVPN)
- Use Firefox with a tweaked about:config and the following security extensions:
- uBlock Origin
- NoScript
- HTTPS Everywhere
- Privacy Badger
- Decentraleyes
- Cookie Autodelete
- Skip Redirect
- CanvasBlocker
- Run Linux Mint (I know, Ubuntu-based distros aren't ideal but I'm a Linux beginner)
- Don't have any social media as of a year ago
- Don't use any Google services, including YouTube, Google Search, or Gmail
- Use a password manager (KeePassXC)
The next step would be for me to switch from iPhone to Android running Lineage OS, but money is a bit tight right now. As for day-to-day lifestyle choices, I try to use cash whenever possible and never sign up for things like store rewards programs.
What's your setup? Do you consider yourself a privacy-minded individual? Are you more concerned with protecting yourself from corporate or government entities?
46 votes -
Giving up on privacy
I have been an advocate for privacy for a long time, but recently I don't even know why I am doing this anymore. I do most of my browsing through TOR, and that has made me give up a lot of...
I have been an advocate for privacy for a long time, but recently I don't even know why I am doing this anymore. I do most of my browsing through TOR, and that has made me give up a lot of conveniences. And that's what I miss. I miss not having to think about privacy. I also miss not feeling like I am being spied on. Now I am torn. I don't like companies like Google mining my data, but I also think I am being paranoid (the people in my life have shared this sentiment). I don't want to leave a permanent cache of my mind. But I also feel like doing so won't really affect me. Not to mention that I despise the predatory nature of advertisers, and I hate giving them even more info about me.
What do I do, Tildes? Have any of you felt this way? How do you balance running from Google while still staying sane?
46 votes -
How Signal walks the line between anarchism and pragmatism
45 votes -
A new bill would force internet companies in the USA to spy on their users for the Drug Enforcement Administration
45 votes -
Tax prep companies shared private taxpayer data with Google and Meta for years, congressional probe finds
45 votes -
Forget privacy: you're terrible at targeting anyway
45 votes -
CEO of data privacy company Onerep.com (used by the Mozilla Monitor service), founded dozens of people-search firms
44 votes -
Twenty-six billion records exposed in massive leak, including data from Linkedin, X, Dropbox
44 votes -
The ESRB wants to start using facial recognition to check people's ages
44 votes -
Google updates its privacy policy to clarify it can use public data for training AI models
44 votes